Regarding analytics, I believe browsers should take the user's side and not cooperate with marketing companies; even better, they should implement measures to make user tracking and fingerprinting more difficult. There is no need to track the user's browsing history; just make a product better than competitors (so that it gets first place in reviews and comparisons) and buy ads from influencers.
It would be great if browsers made fingerprinting more difficult, i.e.: not allowed to read canvas data, not allowed to read GPU name, enumerate audio cards, probe for installed extensions etc. Every new web API should guarantee that it doesn't provide more fingerprinting data or hides the data behind a permission.
Regarding 3rd party cookies: instead of shady lists like RWS browsers should just add a button that allows 3rd party cookies as an exception on a legacy website relying on them (which is probably not very secure). Although, there is a risk that newspaper websites, blog websites and question-answers websites will force users to press the button to see the content.
Browsers were supposed to act as agents working for the user. User-agents. These days it's getting harder and harder to find a browser that doesn't work for an ad company at the expense of the user.
Chrome's entire reason for existing is data collection. Firefox can, for now at least, be hardened to work for the user (and prevent a lot of fingerprinting), but Mozilla is an ad-tech company too now. They've made their lack of respect for Firefox users clear by making Firefox spy on users by default so that Mozilla can sell that data to marketers.
Currently, you can disable that spying in about:config by setting dom.private-attribution.submission.enabled to false (see https://news.ycombinator.com/item?id=41311479 and also https://web.archive.org/web/20240827185708/https://make-fire...). No idea how long that will continue to be an option or how often you'll have to go back and reset that back to false following updates though.
We really need a new browser that actually works in the interest of the users.
The recent events related to FF are not that much of a shift, considering that Google pays $20B per annum to its (technically non-ad tech) partners, then 85% of Mozilla's total revenue comes from its partnership with Google. That ship had sailed a long time ago.
https://untested.sonnet.io/Defaults+Matter%2C+Don't+Assume+C...
https://spyware.neocities.org/articles/firefox
Mozilla only has their Google billion$ in mind, not you. https://digdeeper.neocities.org/articles/mozilla
Google, of course, has rammed Chrome into its primary place.
I'm sorry, this seems egregious. I agree that it should've been off by default but I challenge anyone to read how the implementation works (not just the blog post and the FUD responses to it) before calling it a giveaway to the ad industry: https://github.com/mozilla/explainers/tree/main/ppa-experime...
FF is currently a key tool in the fight to avoid a Google-top-to-bottom future, and before we start the meme that it's gone to shit we should be really really sure that's actually true.
That still isn’t a great reason to then keep using the even worse option, being Chrome, instead.
FWIW, it's practically impossible to provide that guarantee because the API necessarily provides at least the data point of, "Did they select an option in the permission notification?" ("If yes, what option was selected?" etc.)
It's often said that the only solution to this is regulation and there seems to be a good case for that perspective.
Wrong. The status of permissions should not be visible to the page in most cases. Instead, fake data should be returned from them. That would be practical.
If a bird app (or, heck, pancake recipe site) asked for WebRTC or GPU access I would be rightfully suspicious. It's a shame these things don't happen.
If 99% of users will have permission disabled then it has little value, and only those who enabled it can be tracked. I don't give permissions to sites so this will not apply to me.
Also, the status of permission (1 bit) provides less information than API it protects (for example, list of installed fonts or GPU name) so it is a win.
https://news.ycombinator.com/item?id=40703546 - from 2 months ago
In light of that acquisition, this also seems related. Firefox is the best choice but Mozilla is the biggest reason why people aren't using it and shit like this doesn't help.
Kinda hard to enact when the leading browser is developed by an ad company. Worse, the same company is contributing to the firefox foundation and drives web "standards." It's all collusion and the simple fact that browsers are more complex than the OS they run on is deliberate in ensuring no scrappy team can disrupt them.
My curmudgeonly solution is to avoid as much of the web as possible and focus on human scale computing.
This should be browser makers' #1 focus! Preventing fingerprinting of the user's browser.
Seems all this cookies talk the news and for policy makers are just limited hangouts.
But anything more precise would be uncomfortable.
The tracking is a constant assault, and I'm no longer willing to put up any of it, even if the data being tracked is relatively minor. Screw the bastards, they've burned one too many bridges.
Also the data about you can be used to charge you a higher price. For example, if a company knows that the user is reading HN, and we know that people using HN (except for me of course) all are mostly filthy rich Californian software engineers or entrepreneurs so they should have no problem with paying a little more.
I'd say the only area where I still see Chrome leading a bit is for web development: when I run super-heavy JavaScript in dev mode, Chrome is faster than Firefox at executing all the JavaScript nonsense. Seen that there's no ecosystem with more turds, bloatedness and slowness than that horror that JavaScript-the-piece-of-crap is, having a browser a bit quicker at running JavaScript helps.
Long story short: for Web development, I use Chromium (it ships with Debian). For the rest I use Firefox.
> Firefox also has HTTPS-only mode...
In doubt port 80 is blocked by the firewall too.
> encrypted DNS without fallbacks,
And Firefox has a relatively easy "corporate" setting too where you can force also DNS "in the clear" over port 53 UDP (well, it's 99.9999% of the time going to be UDP so you can even firewall port 53 TCP and things shall keep working: believe me I know: theory vs practice and all that)
It's convenient if you run your own DNS resolver (which, itself, can then be forced to only use encrypted DNS).
> supports SOCKS
I confirm: a SOCKS5 proxy over ssh is always sweet.
Firefox just works.
(Scroll down to Misc tests)
This seems to be a not very good comparison, and it looks like it cherry-picks points convenient for a certain browser and ignores others. Look at "fingerprint protection", for example, and see that it does not include features that provide most fingerprinting data:
- preventing reading GPU name via WebGL debugging extension (does Brave block this?)
- preventing reading back canvas data which is used to fingerprint browser and OS code responsible for rendering graphics and text
- enumerating audio devices
And if you read the issues in Brave GitHub [1], then you'll notice that Brave developers refuse to block features providing important fingerprinting information under "compatibility" reasons (including GPU vendor and model), although these features could be made blocked only in high security mode.
So regarding fingerprinting, the comparison you refer to is pretty much worthless: it doesn't mention many important fingerprinting APIs.
It allows long lived first party cookies so isn't that much better.
Only Safari clears them after 7 days to prevent tracking.
I assume it's because of situations where websites include JavaScript from a third party, and then that JS uses first party cookies as a state-keeping workaround while synchronizing tracking information in some other way.
> Related Website Sets (RWS) is a way for a company to declare relationships among sites, so that browsers allow limited third-party cookie access for specific purposes.
So the website itself gets to declare other "blessed" domains that can bypass third party cookie blocks? Big websites are constantly looking for ways to abuse users by bypassing their attempts at protecting themselves. How would anyone think these sites can be trusted not to abuse this?
But as the article details, the contents of that preliminary list is already disconcerting. The whole “Google as the arbiter of all things ads” concept is a bust.
But the alternative isn’t great either - today’s system of third party cookies allows for far worse. We need some better ideas.
How is that not the website declaring it? Approval processes are meaningless.
> today’s system of third party cookies allows for far worse.
That's why I want zero third party cookies.
Wtf, seriously? I skimmed the post and honestly didn’t think RWS was so bad, assuming that obviously it would be decentralized. A centralized list that Google (or some shell consortium) controls is the biggest no-no. Decades of erosion of web principles have clearly made us complacent.
Yes, this can, and will, be abused for tracking users across domains that they don't expect to be related.
But there are also legitimate use cases for this.
For example, consider the stackexchange family of sites. They are clearly related, have a unified branding, etc. but are on separate domains. On Firefox, which blocks third party cookies, I have to log in to each of those domains separately. I can't log in to stackoverflow.com, then go to superuser.com and already be logged in. That is a problem that First party sets would solve.
You can argue that it would be better for those sites to be subdomains of a single unified domain, but when the sites were created there wasn't any compelling reason to need to do that, because third party cookies were still very much alive and kicking. And I can say from experience that migrating an app to a different domain without breaking things for users is a royal pain, and can be very expensive.
I'm not saying that First Party Sets should be accepted as is, but it is attempting to solve real problems. And I think a solution that simultaneously protects users' privacy and maintains a good experience for sites that are legitimately related will be difficult to find, or maybe impossible.
Or are developers supposed to submit their related domains to each browser and they all have their own list to maintain?
This sounds like HSTS.
[0]: https://github.com/GoogleChrome/related-website-sets/blob/ma...
apparently this was written a few weeks ago :)
[0] https://news.ycombinator.com/item?id=41038586
[1] https://www.theverge.com/2024/7/22/24203893/google-cookie-tr...
If my favorite websites stop working with Firefox, they won't be my favorite websites anymore. I'll just stop using them instead.
"If Google limited 3rd party cookies, we'd go out of business!", said the companies who have literally 0 Safari users.
Maybe I missed the memo that we stopped hating monopolies? Every browser worth considering, except Firefox and Safari, is based on Chromium. Firefox and Safari make up about 20% global market share, meaning Chromium is about 80% [0]. A bug in Chromium is a bug in all of them. A backdoor in Chromium is a backdoor in all of them. A feature of Chromium, good or __bad__, is a feature in all of them. It baffles me that this isn't a bigger concern to more people.
Maintaining a very diverged fork can take even more work than building your own browser. I think they don't want to stop receiving upstream updates when the upstream is one of the biggest software projects in the world.
I am the main author of 2 papers evaluating the Topics API from Google: [1] and [2] and working on more research in that space.
I have also started compiling different papers and analyses on projects like the Privacy Sandbox initiative from Google (https://privacysandstorm.com/proposals/) as well as releasing other resources (datasets, tools, etc.), contributions welcome if you are interested!
Best,
Yohan (https://yohan.beugin.org/)
[1] Interest-disclosing Mechanisms for Advertising are Privacy-Exposing (not Preserving) https://petsymposium.org/popets/2024/popets-2024-0004.php
[2] A Public and Reproducible Assessment of the Topics API on Real Data - https://arxiv.org/abs/2403.19577
at the end of the day it seems like 90% of people using google products don't even care. while some even prefer the convenience of some features that directly save your info. not sure what percentage that is compared to the people that practice a lot of privacy.
but shown by the chrome market share google really doesn't have to care about this section of users. the fact they're willing to try things is a good sign imo. either way in 2024 to be complaining about google is funny to me. literally don't have to interact or use a google product, they already have your information and so does the internet better to not let them occupy any of your mind as well
Is that enough rationale to add this to the list?
They will have this as a proposal, its status will be "not on any standards track", it will be shipped in Chrome, and enabled by default.
Firefox and Safari have both said "no, we're not doing that". And then chrome decided to move forward with it, regardless of whether it gets standardized.
> In our study, the large majority of users (~73%) made at least one incorrect determination of whether two sites were related to each other, and almost half (~42%) of the determinations made during the study (i.e., all determinations from all users) were incorrect. Most concerning, of the cases where both sites were related (according to the RWS feature), users guessed that the sites were unrelated ~37% of the time, meaning that users would have thought Chrome was protecting them when it was not.
> ... We conclude from this that the premise underlying RWS is fundamentally incorrect; Web users are (understandably, predictably) not able to accurately determine whether two sites are owned by the same organization. And as a result, RWS is reintroducing exactly the kinds of privacy harms that third-party cookies cause.
> Lest anyone judge the study participants for being uninformed, or not taking the study seriously, consider for yourself: which of the following pairs of sites are related?
1. hindustantimes.com and healthshots.com
2. vwo.com and wingify.com
3. economictimes.com and cricbuzz.com
4. indiatoday.in and timesofindia.com
> (For the above quiz, if you chose “4”, then, unfortunately that is incorrect. That is in fact the only pair of the four that isn’t considered “related” to each other.)
Google earned billions of dollars with their contextual ads long before pervasive tracking was a thing.
Nobody forgets that, and the issue (at least for me) isn't the ads, it's the spying. It's entirely possible to have a financially healthy ad ecosystem without the spying. It used to be the norm, even.
I would expect a popup like “This site wants to share cookies with stackexchange.com, press Allow to sign in, press Reject to reject forever or press Ignore to decide later”. Takes a single click to enjoy the benefits of both worlds. The mechanism should make sure that every website has a single “first-party domain” shared across all subsites and that first-party domain must not share cookies with any other site than itself to minimize confusion.
Also, there is no way to know which related site the user is logged in to, so they would have to prompt for every one of their sites.
I can also argue that Safari and Firefox have been blocking third party cookies for years now. So stack overflow has had plenty of time to adapt and migrate to the "right" organisation.
To me it looks like either they care about allowing unified sign in on their various domains, and they should have migrated to a subdomain model a long time ago, because users of Firefox, Safari etc have been negatively impacted for a long time. Or they do not care that much (which is fine), but then chrome blocking third-party cookies and the discussion around first party sets should not concern them too much.
In IT, big tech never wastes an opportunity to introduce a dark design behind a useful feature.
Other sites seem to handle this fine with redirects and cross-origin headers. Sure, at some point you land on "signin.foo.com", but from the user experience you were authenticated without having to sign in again.
i generally like having the option for "sign in with github" as opposed to the all-encompassing "sign in with google" (ignoring that github is a microsoft account but not quite at this point)
smaller-scope IDPs for a particular field ("ey, you work on code stuff? you probably have either a github or gitlab account to log into our code-adjacent service" or "ey, you use stackoverflow? you can use that same login on superuser") is maybe a decent middle ground, where shared authentication is more explicit than third-party cookies were
However they could solve this "problem" in a number of ways, the most straightforward being to use subdomains instead of individual domains.
I put "problem" in quotes as it's not even a problem; it's browsers working as intended. When you visit different domain names, you should expect that your browser won't be aware of data (cookies) stored by other domains.
The cure is worse than the disease.
I don't know what it might take for people to migrate away from Chrome en masse, but the alternative is there.
No issues with Google services like Youtube (I'm an addict)
I keep Chrome installed just in case, and Edge due to being on Windows.
I think Mozilla is poorly managed and features may have been slow or "lagging behind". But for me the lack of those shiny new things might as well be a feature rather than a bug.
brave is a lot more shady and just won't say anything or let you opt out. many examples in the past. imagine if they were anywhere near a quarter of google's size it wouldn't be pretty imo.
All settings in Brave with an impact on user privacy are opt-in. They even inform you of their product metrics, when you first start it, despite having a paper on how they anonymize that data. Versus Firefox, which never bothered. Firefox, which also added metrics for ads, similar with Privacy Sandbox, without informing users.
I've never seen a browser with such a strong focus on privacy, the only contender it has being LibreWolf.
The hate against Brave on this forum is completely unjustified and based on falsehoods, as if the issue isn't about Brave itself.
Reminds me of the research that shows that 87% of people in the US can be uniquely identified with only three pieces of information: date of birth, gender, and zip code [1].
[1]: https://dataprivacylab.org/projects/identifiability/paper1.p...
timesofindia.com also redirected me on tabbing out to a "you won a free Samsung phone". Shady.
I've been using Brave as primary for years. At this point I'd pay for a license if it were necessary. Frankly that would be an improvement: if it's free, you're the product. Brave just monetizes you differently.
I no longer argue with the legion of Brave haters. I've decided they're a benefit: the more people that don't use Brave the less likely Google et al. will be compelled to destroy it.
Replace "Chrome" with "Internet Explorer" and we're back to 1999.
This is not how it works. The mechanism is about allowing a cluster of websites to choose a single first party domain and have all of them share cookies together, not sharing arbitrary cookie from arbitrary domain, otherwise it would create loopholes in connected components that bring back the downsides of third-party cookies. What you mentioned should be done using SSO.
After thinking about it a bit more, I have a clearer picture of how it should work in my mind:
* All cookies are double-keyed: the primary key is the origin of the top-level page and the secondary key is the origin of the page that sets the cookie, just like how partitioned cookies work right now.
* stackoverflow.com uses a header, meta tag or script to request changing its primary key domain to “stackexchange.com”
* The browser makes a request to https://stackexchange.com/domains.txt and makes sure that “stackoverflow.com” is in the list, authorising this first-party domain change
* When the user agrees to the change, the page is reloaded with stackexchange.com as the primary key, thus stackoverflow.com can obtain login details from stackexchange.com via CORS or cross site cookies.
* A side effect is that all cookies and state are lost when switching the first-party domain. Should stackoverflow.com be acquired by a new owner, say x.com and changes its first-party domain to x.com, all cookies on stackoverflow.com are lost and the user will have to login on x.com again, maybe using credentials from stackexchange.com. It’s unfortunate but it works around the issues mentioned in the post in a clean way, avoiding loopholes that transfer cookies by switching the first-party domain frequently.
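The proposal in the comment above can be modelled in a few lines. This is an added illustration, not part of the thread and not a real browser API: the class and method names are hypothetical, the `domains.txt` contents are constructed, and dropping only the switching site's own cookies is a simplifying assumption.

```javascript
// Added model of the double-keyed cookie proposal. Hypothetical names throughout.

// Constructed stand-in for fetching https://<domain>/domains.txt.
const DOMAINS_TXT = new Map([
  ["stackexchange.com", "stackoverflow.com\nsuperuser.com\n"],
  ["x.com", "stackoverflow.com\n"],
]);

class PartitionedBrowser {
  constructor(domainsTxt) {
    this.domainsTxt = domainsTxt;
    this.primaryKeyOf = new Map(); // site -> first-party domain it has switched to
    this.jar = new Map();          // "primaryKey|settingOrigin" -> Map(name -> value)
  }

  // A site is its own primary key until an approved change says otherwise.
  primaryKey(site) {
    return this.primaryKeyOf.get(site) ?? site;
  }

  // Double keying: (primary key of the top-level page, origin that sets the cookie).
  setCookie(topLevelSite, settingOrigin, name, value) {
    const key = `${this.primaryKey(topLevelSite)}|${settingOrigin}`;
    if (!this.jar.has(key)) this.jar.set(key, new Map());
    this.jar.get(key).set(name, value);
  }

  getCookie(topLevelSite, settingOrigin, name) {
    const key = `${this.primaryKey(topLevelSite)}|${settingOrigin}`;
    return this.jar.get(key)?.get(name);
  }

  // The site asks to change its primary key; the target's domains.txt must list
  // the site, and the user must agree.
  requestPrimaryKeyChange(site, target, userAgrees) {
    const listed = (this.domainsTxt.get(target) ?? "")
      .split("\n")
      .map((line) => line.trim())
      .filter(Boolean);
    if (!listed.includes(site)) return "refused: not listed in domains.txt";
    if (!userAgrees) return "refused: user declined";

    // Side effect from the proposal: the site's existing cookies and state are lost,
    // so frequent switching cannot be used to carry identifiers between sets.
    for (const key of [...this.jar.keys()]) {
      const [primary, setter] = key.split("|");
      if (primary === site || setter === site) this.jar.delete(key);
    }
    this.primaryKeyOf.set(site, target);
    return "ok";
  }
}

// Walk through the stackoverflow.com / stackexchange.com / x.com case.
function runScenario() {
  const b = new PartitionedBrowser(DOMAINS_TXT);
  const out = {};
  b.setCookie("stackexchange.com", "stackexchange.com", "session", "abc");
  b.setCookie("stackoverflow.com", "stackoverflow.com", "prefs", "dark");

  out.beforeChange = b.getCookie("stackoverflow.com", "stackexchange.com", "session");
  out.unlisted = b.requestPrimaryKeyChange("tracker.example", "stackexchange.com", true);
  out.declined = b.requestPrimaryKeyChange("stackoverflow.com", "stackexchange.com", false);
  out.approved = b.requestPrimaryKeyChange("stackoverflow.com", "stackexchange.com", true);
  out.sharedLogin = b.getCookie("stackoverflow.com", "stackexchange.com", "session");
  out.oldPrefs = b.getCookie("stackoverflow.com", "stackoverflow.com", "prefs");

  b.requestPrimaryKeyChange("superuser.com", "stackexchange.com", true);
  out.newOwner = b.requestPrimaryKeyChange("stackoverflow.com", "x.com", true);
  out.afterSale = b.getCookie("stackoverflow.com", "stackexchange.com", "session");
  out.superuserStill = b.getCookie("superuser.com", "stackexchange.com", "session");
  return out;
}

console.log(runScenario());
```
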
Way more than just two chromium browsers in existence.
Mozilla is a husk of what it could have been, and that's hurt Firefox.
I can't say for sure it would have worked, but I know that what Mozilla actually did do was actively counterproductive.
ZIP codes contain maybe 40K residents [0] (many contain fewer) and there have been around 25K days in the last 70 years. Sure births are not evenly distributed, but still...
[0] https://www.unitedstateszipcodes.org/images/comparison-of-po...
I think you're making the assumption that all three data points are needed for all 87%. But obviously some people can be uniquely identified based on just {zip, date of birth}, such that gender isn't necessary.
So the distribution could e.g. be 8% same, 8% opposite, 5% both, 79% neither, and explain the original numbers without triggering the paradox.
* side tabs, I would say, the tab is a horizontal extension of the page, so they're horizontal tabs, right?
Also the notion that Mozilla should "just support that"
lol
This is a thing the devs of Firefox should make and implement.
FWIW the about section says this: "Each privacy test examines whether the browser, on default settings, protects against a specific kind of data leak."
The maintainer is a Brave employee and this is a project they were already doing before joining Brave. I'm hoping that they aren't manipulating it in favor of Brave.
I sent those three options as a feature request. Do you think the site is still useful in some capacity?
> Do you think the site is still useful in some capacity?
Well, it is better than nothing although it would be better if there were more tests regarding fingerprinting.
Submitting your website to a list controlled by some arbitrary website on the Internet is very much different from serving some kind of metadata to visitors that their browsers interpret.
Also the approval process existing does matter. Under a normal situation when you serve some kind of metadata (like what sites you are "related" to) there is no "approval" process to who gets to serve this kind of metadata and who doesn't.
The tools to do this the right way exist in so many different ways.
Absolutely, but I wasn't positing some kind of metadata.
> Also the approval process existing does matter.
It can matter, but it often does not. I don't expect it to matter here because the big web players will not be denied their preferences.
There is a risk that it ends up like cookie banners, and the adtech industry manages to brainwash the world into thinking that the government is the bad guy and they just want some harmless data to share with their 1,345 best friends and they are “forced” to show these. Despite there being no requirement at all to track data, and they break the law with it anyway so why bother.
I was a bit dismayed when mozillians in the bugtracker dismissed the idea of requiring consent to initialize WebRTC. F'k it, scan the local network.
To clarify: your date of birth includes the year. It’s more specific than your birthday, which we usually think of as just day & month.
In other words, even if one person is extraordinarily tricky to find [0], their share of the total un-findable-ness does not diffuse outwards to help anybody else.
87% of the time, there are no others on my birthdate or there is one other and opposite gender.
13% of the time is 1 same gender or more of either or both.
They are making their own solution for vertical tabs.
You are free to install addons.
What is the issue?
Don't just make these snipe driveby comments.
Most people were never worried, and probably will never be worried, with the points you're listing there. That's not to say they've stopped hating browser monopolies, just maybe not your definition of what a browser monopoly is or why they're problematic.
In general (not just browsers) most people treat "popularity" and "monopoly" as completely orthogonal concepts. I.e. something unpopular can still be a monopoly, something with 99% usage can still not be a monopoly. There is typically just a tendency for extremely popular things to also happen to be a monopoly.
I'd like Firefox to stick around, but as far as I'm concerned, if Safari goes away, I couldn't care less.
Said another way, Chromium can not be updated to risk Google's business or profit.
Note that Firefox or Safari aren't going after Google's business due to the search deal. At this point, Google is funding all 3 major browser engines, so they have a level of control going beyond just controlling Chromium.
What they haven't done before is spend a fortune buying up an ad-tech start up. They barely even bother to maintain a pretense that they care about Firefox users. They basically came right out and said "We know that users don't want this, we can't convince them to, so we were right to force it on them by default and just hope most people don't notice and start complaining" (https://cdn.adtidy.org/blog/new/2wffyscreen_mozilla.png?mw=1...)
Fun fact: by subscribing to Pocket, you're directly contributing to Firefox's development.
Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.
Nobody wants to pay for a browser, browsers are essentially incredibly complex nowadays, and I have yet to hear how in the world are browsers supposed to get funding.
And of course they want to cater to advertisers because it is advertising that maintains the open web, and it is advertising that is paying for all browser development, actually, including Safari. And the open web is also dying, because people have been moving to mobile apps, where all pretence that "the user agent must act on your behalf" is gone. In other words, even if you get what you wish for, in a couple of years it may not matter at all.
As someone who worked both on advertiser and publisher sides (incl. content monetisation): advertisers like to say that they support publishers and the open web, but in fact, they are keeping it hostage.
We've had the means/tech to support publishers directly for years (I don't mean crypto). It's in the interest of companies like Google to keep users (and publishers, and brands) in the dark. And one of the issues here is that they have so much impact on the discourse. There are only few places, where I saw more people using ad blockers than the adtech businesses I worked with or at.
> Nobody wants to pay for a browser
True, but I don't think people would have an issue with paying for browsers if they understood the value of it. At this stage, I think the only solution would involve:
1) education 2) regulation/better legislation
People didn't like Pocket as a product. It wasn't as if they just didn't like it because Firefox wanted to make money out of it.
Sure they should diversify, but with something that isn't otherwise (so) objectionable. Like their VPN, or sponsorship, or just let go of all the upper management.
That's not true. It isn't directly supporting anything except surveillance capitalism. Allowing yourself to be exploited in that way may indirectly support Firefox, but it's not the same thing as direct support.
Firefox users have literally begged Mozilla to let them actually directly support Firefox's development in the form of donations explicitly for that purpose alone, but Mozilla has always refused to allow it.
> Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.
People scream at them when they involve themselves in surveillance capitalism so yeah, spending a ton of money that could have gone into firefox development to instead buy an ad company so they can start spying on us while we use the internet isn't helping.
> Nobody wants to pay for a browser, browsers are essentially incredibly complex nowadays, and I have yet to hear how in the world are browsers supposed to get funding.
Are web browsers more "incredibly complex" than linux? I don't understand how people assume that web browsers are impossible to develop without selling users to the marketing industry while somehow linux and countless other open source projects have never once needed to do that.
Mozilla could at the very least try letting users pay for firefox development like users have been asking them to before they jump to selling firefox users out to the ad industry.
> And of course they want to cater to advertisers because it is advertising that maintains the open web
Advertising doesn't maintain the open web, it poisons it.
> And the open web is also dying, because people have been moving to mobile apps,
That's because many people don't even own computers anymore. Even where computers haven't been entirely replaced by devices that are designed for data collection and mindless content consumption, the cell phone is the computer that people have with them at all times. The dire situation around computing in general wouldn't be so bleak if we could get some decent and affordable mobile devices that weren't designed to spy on us, but I guess you might see it as that spying being what maintains the computer industry.
It might be just me, but I find Pocket quite useful and interesting. That, and syncing user accounts across browsers. It's extremely convenient to just stash a link that you can later open while browsing the web on your browser or sitting at home with another laptop.
I guess you can try to make an argument about that being better served with extensions, but that would be missing the forest for the trees. Meaning, extensions are intended to provide third parties with a convenient way to add custom features and behavior. That is just wasted effort if it's Firefox wanting to add a feature.
Also, you don't need to use any of that if you don't want to. No one forces you to. At most, it takes a couple of clicks to hide the toolbar button. Is that what you call "downhill"?
Frankly, this blend of criticism sounds like grasping at straws. Some people sound like all they want to do is complain about something, and proceed to work backwards to try to find something, anything, to complain about. This stance is particularly baffling when taking into consideration how god-awful Chrome and Edge are.
- $120-140k, hetero, white, 190-220 lb, broadly Christian.
- $137,500/y, prefers tall redhead females, Irishman originally from Cork, 197 lb, observant Catholic.
The first one is too unspecific, while the second could suffice to identify a particular person in a neighborhood.
What makes a butter knife safe is not that it's completely devoid of an edge, but that its edge is sufficiently blunt.
I would very much prefer for advertisers to not even be able to determine my city, for personal safety. Throwaway account for obvious reasons.
If you belong to such a category that the mere belonging to it is a death sentence, if revealed, the situation is vastly different. You have to act more like a secret agent or a spy. This means constant, pervasive, fastidious opsec. Any death-sentence-invoking activities should be strictly separated from the normal civil life. Only use the normal browser to visit commerce, official news, and government web sites. Everything that is not openly pious and loyal should belong to ephemeral VMs with a fresh browser install every time (preferably several different), VPNs that are indistinguishable from legitimate web traffic, like XRay, truecrypt-protected media with some plausible deniability data, etc. It all takes quite some technical chops, but is not sufficient. Many other small details, related to technology or not, have to be carefully, well, sanitized, and any small slip can out you.
Such undercover life, while possible, is very tiring, takes a lot of extra time and energy, and noticing this also may mark you as suspicious.
Another browser API that may slightly help track you is a minor problem on this background, unless it pierces any of your layers of protection.
Though regardless of that, Related web sites (or whatever that set is currently called) does present a hole in that logic. It was originally meant to allow sites with different domains to share cookies/storage (like google.com and google.co.uk). From what it sounds like, bad actors are using it in the expected ways. There were supposed to be mechanisms to prevent this, but it seems like they failed in this case.
The list is in a public repository however, so Brave could have filed issues and a pull request to address the issue. Instead they decided to stage a meaningless survey and declare Chrome a threat to people everywhere.
Sure but most won’t unless the “go away now” button is “block” which I’m guessing Google wouldn’t do.
After years of back and forth, Google abandoned their efforts. You can still disable third party cookies, in fact I don't think there's been a version of Chrome that doesn't let you block them. Go to your settings and set "third party cookies" to always be blocked. By default, grouped sites may be permitted to read each other's cookies, but you can disable that too.
The problem Google faces is changing the default; simply blocking third party cookies has never been an issue.
It gives no benefits to end users. Ad companies will not stop using old methods, they will just add one more method.
I hope responsible Linux distributions will patch this out and disable by default.
A fair model would be if this feature was opt-in and if Mozilla paid to the users who enabled it.
> The purpose of this API is to provide a privacy-first design for advertising companies to be able to measure how advertising drives conversions. That is, answering the question of whether advertising effectively achieves its goals, such as increased sales.
Not my problem. I don't earn anything from their sales.
Firefox is rock solid, open-source, backed by a great organization (which has recently reinvested additional resources in it) and a joy to use imo. Also, the levels of vitriol that even the slightest bit of anonymous telemetry incurs is unhelpful and I encourage people who hold that viewpoint to really interrogate it.
Right now it is actually Safari that prevents it, like it or not. Especially the iOS one, where users have to use it. Firefox is a rounding error in this fight.
The implementation is just FLoC/Topics API all over again and it's still not compelling. The first kick in the teeth comes right at the start where the entire thing is predicated on data gathered from having an ad shoved in your face.
> At impression time, information about an advertisement is saved by the browser in a write-only store. This includes an identifier for the ad and whether this was an ad view or an ad click.
I do not want ads. Ever. Like many (likely most) firefox users, I go to some lengths to prevent them from showing up in any form. Now that firefox is going to be profiting directly off of firefox users seeing and clicking on ads they will certainly degrade our ability to prevent them.
It then involves sending my data to third parties so that it can be aggregated. Then my browsing has to be monitored to identify conversion events. None of this is acceptable.
Here's what their Cookie Monster paper says:
> User perspective. Ann browses various publisher sites that provide content she is interested in, such as nytimes.com and facebook.com. Ann does not mind seeing relevant advertising, understanding that it funds the free content she enjoys.
I am not Ann. I very much mind seeing advertising, relevant or not. I do not understand that it funds "free content" I enjoy. If I need to be exploited to pay for something, that thing isn't "free" and if it's infested with ads I do not enjoy it. The entire thing is based on a fantasy where users find this acceptable. We don't and it isn't. If we did, we'd probably all just be using chrome.
> FF is currently a key tool in the fight to avoid a Google-top-to-bottom future
Why should we care if Firefox isn't Google if both are just going to exploit us?
I mean, what do we have now? Google and a bunch of middle-man ad techs are hoovering up everything they can get, including a crap-ton of stuff that browsers can't affect at all, and wink-wink-promising that they anonymize some of it in some cases even though no one can verify that. A world in which the subset of that data that passes through a browser has been provably anonymized would seem to be strictly better, even if you still don't like it.
Mozilla is literally an ad-tech company. They bought and now own an actual ad-tech start up, they are partnering with Facebook to develop and implement protocols like DAP, and they are currently working on turning firefox into an ad platform that will deliver reports of people's browsing history to marketers in exchange for money. In what way are they not an ad-tech company exactly?
I'll admit that they aren't as bad as Google, but they're heading in that direction and they've also only just gotten into the ad-tech game. It took Google a long time to get as evil as they are now.
Rejecting firefox because of Mozilla's new role as an ad-tech company and their insistence on exploiting firefox users isn't the perfect becoming the enemy of the good. Surveillance capitalism isn't good. Maybe standing up for ourselves and our values by saying no to spying from Firefox will cause Mozilla to look to other options. Even if it doesn't, it will keep us from being exploited and tarnished by our participation in their decline.
I've been a firefox user from the very beginning. My first browser of choice was Netscape. I hate that the enshittification of firefox is here, but I won't ignore it any longer. We still have a few alternatives like librewolf that provide the benefits of firefox without the recent corruption, and there's some hope on the horizon with ladybird too. The internet is only in the sorry state it is now because we've conceded too much to advertisers. We need to start holding ourselves and the software/services we use to a higher standard or it's only going to get worse. If Mozilla suddenly wants to be a part of the problem, I'll leave them behind while I look for a new solution.
https://lunduke.locals.com/post/5053290/mozilla-2023-annual-...
https://lunduke.locals.com/post/4387539/firefox-money-invest...
Even the minor browsers, pretending to not be funded by ads at this point (while the VC capital is drying up) depend on one of the 3 browser engines, all of which are funded by ads.
Safari? Unless you're going to say that Apple gets the money for Safari through ads which, y'know, technically correct but disingenuous in this context, surely.
Could you elaborate?
(I know next to nothing about Brave, so I may not be aware of obvious examples)
See: 1 - https://en.wikipedia.org/wiki/Brave_(web_browser)#Business_m... 2 - https://web.archive.org/web/20181224011529/https://twitter.c...
Add this to /etc/hosts
0.0.0.0 www.google-analytics.com
0.0.0.0 google-analytics.com
0.0.0.0 ssl.google-analytics.com
On Macs and iOS, and iPadOS, it's clunkier than Safari, but less clunky than Firefox.
Perhaps the Windows experience is similar.
I'm not normally a fan of Apple at all, and I have no interest in using Safari myself, but here I am glad that they've so far refused to jump on the Chrome bandwagon: it's good for keeping the web standards-based so we don't have a repeat of the IE6 days.
Easily said, until it's your bank, or a government entity, or the electric company, or any of the thousands of other entities that have started blocking Firefox.
Firefox should really camouflage its user agent, or make it trivial to do so.
Anecdotal one: I liked it.
If the overwhelming majority of users submits to Google, then Google has the power to erode privacy for everyone.
Still easily said, since I don't use the websites for any of those things anyway. If it's really important, or involves very sensitive personal information, I'm not doing it on the web.
> or make it trivial to do so.
There are extensions that make this very trivial.
It's definitely a position you can take, but that's a very minority position among web users these days.
For the rest of us, "Just stop doing it on the web" would be a pretty substantial lifestyle change and, practically speaking, not worth it.
Although, I rarely have to do anything with the bank that would require any online or offline process beyond using an ATM.
So no, that wouldn't really be a reason for me to stop using Firefox.
A Mozilla employee made an easy user agent switcher called Chrome Mask
https://old.reddit.com/r/firefox/comments/1eic7bj/chroe_mask...
I believe it was an analytic bug in Disney+, where they didn't expect Linux to be an acceptable OS.
My government certainly won’t do that, they have a strong open data background.
These are the primary issues I hear about regarding Brave on this forum.
It's also founded by Brendan Eich who was forced out of Mozilla for his strong and vocal opposition of same-sex marriage. I tend to be a bit idealistic, but this is a strong reason for me to avoid Brave, especially when they are injecting content into pages.
Especially when that position of power is the CEO of a browser that replaces content on web pages.
I can't remember all of the details but Mozilla made a blog post regarding 1/6 and their commentary didn't align with a browser that would try and protect users from state, NGO and "just research" edu adversaries.
Those "donations" were from handouts of BAT. What they "collected" was their own BAT that they've donated to users of Brave. And it wasn't long lived. At least they've been trying to create a business model that's privacy preserving and that benefits content creators. Firefox has been selling their users to Google for years.
> "suggesting affiliate links in the address bar"
You mean like what Firefox also did?
> "and installing a paid VPN service without the user's consent."
I've never seen a VPN service installed with Brave. Is this a Windows thing? If you're talking about the VPN functionality in Brave itself, isn't this what Firefox also did?
> "It's also founded by Brendan Eich who was forced out of Mozilla for his strong and vocal opposition of same-sex marriage."
He never talked on the topic. And did you know that, at that time, both Obama and Hillary Clinton were also opposed to same-sex marriage? Times change, people's minds have changed. Whatever beliefs he still has, he keeps private, as he should.
But yes, this confirms my suspicion that this is a US-politics thing, and for non-US citizens, it's getting annoying. While we are on the topic, don't you find it problematic when Mozilla engages in political activism, promoting Marxism? Or when they promote cancel culture?
https://blog.mozilla.org/en/internet-culture/chris-smalls-ri...
https://blog.mozilla.org/en/mozilla/we-need-more-than-deplat...
For me, these were never reasons to avoid Firefox, but seeing that this is how the world works now, maybe they should be. And I'm sorry for pointing at Firefox right now, I used it for years, but I'm sensing a serious double standard. So let's talk of Chrome ... have you surveyed the political beliefs of Chrome's developers? Because it's the big, faceless corporations that benefit from this kind of polarisation the most.
> > "suggesting affiliate links in the address bar"
> You mean like what Firefox also did?
Firefox did experiment with "Sponsored" results in the URL bar but they did not rewrite URLs to include affiliate links, which is also harmful to privacy: https://www.reddit.com/r/ProtonMail/comments/gybv0e/brave_br...
> I've never seen a VPN service installed with Brave. Is this a Windows thing? If you're talking about the VPN functionality in Brave itself, isn't this what Firefox also did?
Yes, this was a Windows thing: https://www.ghacks.net/2023/10/18/brave-is-installing-vpn-se...
Are you referring to the Mozilla VPN that is a separate download? https://www.mozilla.org/en-US/products/vpn/download/
> For me, these were never reasons to avoid Firefox, but seeing that this is how the world works now, maybe they should be.
Yes, you are absolutely entitled to "vote with your money" (or free usage / market share, as the case may be.) Boycotts are an integral component of free speech and self-expression.
The link you provide in support of this (https://blog.mozilla.org/en/internet-culture/chris-smalls-ri...) is an interview with Chris Smalls, a union organizer. It does not in any way promote Marxism.
(Smalls does at one point talk about "class struggle". He makes it explicit what he means: he thinks there is an opposition between "99.9% of us" and "the billionaires". This is not Marxism even though it uses one phrase that Marxists also use.)
> Or when they promote cancel culture?
The link you provide in support of this (https://blog.mozilla.org/en/mozilla/we-need-more-than-deplat...) is to a blog post titled "We need more than deplatforming". It mentions deplatforming but doesn't advocate it (though it doesn't condemn it either), and the actual things it calls for are all Not Cancel Culture: "reveal who is paying for advertisements", "commit to meaningful transparency of platform algorithms", "turn on by default the tools to amplify factual voices over disinformation", "work ... to facilitate in-depth studies of the platforms' impact on people and our societies".
You might reasonably disagree with those proposals; for instance, the next-to-last one could be anywhere from "excellent" to "dystopian" depending on what exactly "amplify X over Y" means and how "factual" versus "disinformation" is decided. But none of it is advocating cancel culture.
As for the "deplatforming" in the title: the specific case it's talking about is the idea that a social media platform should ban a particular user who had for some time plainly been breaking the platform's rules, and who (according to some) had used the platform to attempt to organize an antidemocratic coup. "Social media platforms should be encouraged to ban users who blatantly break their rules, even when those users bring them a lot of traffic" and "Social media platforms should not let themselves be tools for antidemocratic insurrection" are positions one can take without being a fan of "cancel culture".
(Not necessarily correct positions. E.g., if you hold that the insurrection in question was not antidemocratic, that it was a response to blatant election-rigging, then you will likely take a quite different view of how a social media platform should respond to it. I don't myself think that's a credible position, and I doubt the good faith of most of the high-profile people who endorse it, but I know it is something many people believe. Anyway, my point isn't that those positions are right, it's that they're positions many reasonable people take, and that getting from those to "Twitter was right to kick Donald Trump off" doesn't require any sort of endorsement of "cancel culture", and that therefore the fact that an article mentions the possibility of doing that in a not-obviously-disapproving way does not amount to "promoting cancel culture".)
To your point, unfocused fake data can be harmful to the faker but it seems focused fake data can work against the collectors.
Assuming that's true, it seems to waste everyone's time and bits to fake it instead of just not answering or a minimal denial.
It's actually much worse. That fake data is dangerous because data brokers don't really care how accurate their data is. Even the fake data AdNauseam stuffs into your dossier will be used against you eventually, just like the real data will be. If you get turned down for a job, or your health insurance rates go up, or you have to pay more for something than you would have otherwise, you won't even be told that it was because of data someone collected/sold/bought. You sure won't be told if it was fake or real data and you won't be given any opportunity to correct it.
It must suck to live in a capitalist dystopia. Dunno why Americans put up with it.
This makes me think that people could make bank by doing nothing at all but generating 100% fabricated data to sell to brokers then. Why bother even collecting it, just have some GPT clone hallucinate some gigabytes of formatted BS. xD
Safari is funded ENTIRELY by Google's ads, also making a profit, and this is a fact. We can entertain a counterfactual, maybe Safari would still be funded without Google funding it with billions, but that's not the world we live in today.
And given Apple's reluctance to advance the web, going against their other cash cows, it's disingenuous to suggest otherwise. I recommend reading this opinion: https://infrequently.org/2022/06/apple-is-not-defending-brow...
I also want to be able to use the same browser at work as at home, and my workplace banned the use of Brave when it started including a VPN.
I have one internal corporate site which won’t work with Firefox for some reason, but never had any problems elsewhere.
It's interesting that the authority is in the UK, but they pushed Google to abandon the effort globally.
> For the rest of us, "Just stop doing it on the web" would be a pretty substantial lifestyle change
It really isn't, though, at least not for most people I know who aren't into tech. It would certainly mean changing some habits, which is often hard, but (at least in the US) it means giving up a relatively small amount of convenience, not a substantial lifestyle change.
Mozilla went hardcore political and Chrome copycat long after his time. There was no such controversy there under Eich, and even now as Brave's CEO he isn't doing anything to 'influence public opinion'. Browser CEOs aren't newspaper editors or activists, Mitchell Baker excepted.
---
I remember reading news in 2005 saying that Mozilla has established its Corporation subsidiary - and I had a bad feeling about it at that time. And years later we can see the effects - what's the revenue, what browser market share looks like. Now, every time I'm reading that project, foundation xyz is creating a "for profit" branch, subsidiary I know that this most likely won't end well. Profits will go over users' needs, wishes each time and those at the project will change as well. It's like a magic wand appears and turns open-minded contributors into some mindless corporate drones with an arrogant attitude.
I want to still like Firefox but in the last 14 years Mozilla managed to seriously deteriorate trust in its capabilities of handling their main product. And I also cannot fathom how they managed to screw up promotion of the browser and let Google dominate the market. That didn't happen overnight but Google at some point started to bundle their browser as "additional offer" in almost every software installer for Windows, while Mozilla did nothing similar.
Ultimately on the desktop I'll need something based on firefox because it can be hardened better than anything else I've seen and my work has me regularly dealing with some nasty websites.
I still have to find some options for mobile though.
I know what you're saying, I agree, as I worked (in the past) on advertising platforms as well, but both of those statements can be true at the same time.
The open web was built on advertising, but the perverse incentives in advertising are also poisoning the open web.
I don't think we've ever had a good solution. People like free stuff, and also, micro-transactions are not possible given the huge banking fees. What we're seeing, the alternative, are subscription-based services behind closed gardens, and mobile apps whose ads can no longer be blocked, so here we are.
I also think that Google isn't the greater evil, because Google has an incentive to keep the web going. For instance, what happens with local newspapers, when they die, besides depriving ad networks of revenue, is that the audience of these newspapers moves to walled gardens like Facebook. The failure of advertising on the web right now results in more centralisation.
We can change this via legislation. The “financialization” of everything feels related to the adtech conundrum.
Bringing banks to heel for the good of society is long overdue IMO.
Look up papers on UPI - https://en.wikipedia.org/wiki/Unified_Payments_Interface - it is heavily used for micro-transactions in India.
It's a major friction point.
How do you set up the payment relationship the first time? Maybe you can get it down to one click, at best, with stored credentials.
When you consume content, you still have to track expenditures, whether it's a prepaid credit balance draining or an invoice building up. Every pageview becomes a "is this worth 8 cents?" discussion.
A broad cooperative flat-rate programme-- Patreon on steroids-- seems the best way to manage that. The consumer signs up for the entire universe at $20 per month, and then doesn't have to think about what happens if he visits a new site, or opens 500 articles this month and 5 next month. It's all sorted out with analytics at the content-provider level.
Cryptocurrencies like Litecoin have low transaction fees (currently less than a cent). Apple somehow manages to sell apps that cost just several bucks.
Also, in Russia, a Fast Payment System allows transfers up to $1000/month without commission, however these terms are available only to personal transfers and not for business. But it shows that low-cost transfers are possible even in traditional banking system.
Apple (literally the single wealthiest company on the planet) "somehow" manages to sell inexpensive licenses to primarily ad- and surveillance-financed agents that infest end-user hardware through a marketplace that probably acts as a loss-leader for them to sell said hardware to begin with.
And "transfers of up to $1k/mo without commission"? (Why is that quoted in USD instead of Rubles?) Venmo, Zelle, Paypal, and countless other services in the US allow you to transfer $1k/mo and more without fees to other people using the same system and with a lot of friction to get money back out of said system. And the fees are still "only free to friends/family" specifically because you only need chargeback protection when paying to a business.
I actually worked on several projects like this and we found a few ways of making this work. A simple example would be having a wallet you can top up, so you can pay per article. The fee was _roughly_ 2x the CPM for a post, and the cost for an average user ca. $5 per month IIRC. There's a bunch of companies doing this stuff, but their usual issue was scale/publisher relationships. After a few years of trying and 3 companies later I ended up in a situation where this wasn't a problem. Apologies for being vague here.
> I also think that Google isn't the greater evil, because Google has an incentive to keep the web going
True, but the web Google wants to "keep going" is _very_ unlikely the same as the one that's good for users. Chrome or Android serve as storefronts, hence consent assumed by default (think Manifest V3, FLOC, etc...).
Example: think of the deal they signed with Conde Nast (and earlier Reddit). Nowadays, Google has exclusive access to search results from Reddit.
> For instance, what happens with local newspapers, when they die, besides depriving ad networks of revenue, is that the audience of these newspapers moves to walled gardens like Facebook. The failure of advertising on the web right now results in more centralisation.
I witnessed it in 2010s when working with publishers (EU, UK, and some US-based). It wasn't much different than what happened during the "cookiegeddon" around '17 '18 (IIRC): moving to new platforms, pushing towards subscriptions, bundles, or focussing on premium/high quality content.
The publishers I spoke with (again, as a vendor working in publishing and then, later, in adtech) generally would be more than happy to drop the ads if we had any other way to let people pay for stuff without using dark patterns (e.g. subscriptions people tend to forget about).
The only people who created pushback were not even their advertising partners, it was _their own sales people_, responsible for pushing their inventory via direct sales. It makes perfect sense, from a people/internal politics point of view. I'd be happy to elaborate on that, but it's getting a bit late!
People like free stuff, but they're also happy to pay for stuff if they understand its value. Imagine walking into a coffee shop and asking for a free americano promising that you'll stare at their ads on your phone for 5 minutes. (This idea only makes sense if you're running an adtech / marketing startup.)
Then, we have more interesting examples like The Guardian, where many of the people supporting them did so because they wanted _other_ people to have access to it.
So yeah, I agree that people like free stuff, and that the current situation is messy to say the least, but I think we need to take a step back and reconsider the things/ideas we take for granted.
> Insurers contend that they use the information to spot health issues in their clients — and flag them so they get services they need. And companies like LexisNexis say the data shouldn't be used to set prices. But as a research scientist from one company told me: "I can't say it hasn't happened." source: https://www.propublica.org/article/health-insurers-are-vacuu...
See also:
> Is it legal? As explained by William McGeveran, University of Minnesota professor of law, and Craig Konnoth, University of Colorado associate professor of law, it is — largely because federal law hasn’t kept pace with the modern, technological world in which we live. source: https://www.chicagotribune.com/2018/08/29/help-squad-health-...
Another important takeaway from that second article is that none of your "protected" HIPAA data is prevented from being sold as long as it's "anonymized" which is a total joke since it's often trivial to re-identify anonymized data. It's about as secure as requiring companies to ROT13 your data before they sell it. It will be used to identify and target you individually.
HIPAA doesn't say ROT13 or anything else in particular counts as "anonymized". It's an after-the-fact assessment. If your "encrypted" data is accidentally released, and there's any reasonable suspicion inside or outside the company that it's crack-able, then it's a YOU problem and you need to notify a bajillion people by mail and per-state press release plus large fines.
I think you're being overly pessimistic on the strengths of US regulations on this with regard to preventing deliberate malfeasance, and that most of the stupid we see in stories is really just by accident or individual actors.
Have you seen the guns that enforce it?
The UK doesn't seem so good any more from recent reports though. :(
/s
ROT13 was only an example of a step that makes data look "protected" in some way when it really isn't, just like the ineffective means used to anonymize data makes it look safe to sell that data when it really isn't.
There is a lot of research showing how easy it can be to identify an individual using data that has been anonymized. (https://www.technologyreview.com/2019/07/23/134090/youre-ver...)
HIPAA does provide a standard and guidelines for what they call the "de-identification of protected health information" (https://www.hhs.gov/hipaa/for-professionals/special-topics/d...) and it includes, for example, a list of specific identifying information that must be removed from the records before they can be sold or otherwise passed around in order to get safe harbor protections. It also includes an option where an "expert" ("There is no specific professional degree or certification program for designating who is an expert") can just say "Trust me bro, it's anonymized".
If somebody was able to buy their re-identified data from a broker and they could prove that was sold by a health provider bound by HIPAA, they would still have to prove that the provider who sold the data had "actual knowledge" that the broker would be able to re-identify the individual, where:
> actual knowledge means clear and direct knowledge that the remaining information could be used, either alone or in combination with other information, to identify an individual who is a subject of the information.
Which all seems like it would be almost impossible to prove unless the provider left obvious identifying information in the data, or if a whistleblower came forward with records of direct communication between the seller and buyer where the buyer was reassured that the data being sold to them would later be able to be re-identified.
Awareness of the fact that we have mountains of research showing that individuals are easy to re-identify from anonymized data doesn't count as "actual knowledge":
> Much has been written about the capabilities of researchers with certain analytic and quantitative capacities to combine information in particular ways to identify health information. A covered entity may be aware of studies about methods to identify remaining information or using de-identified information alone or in combination with other information to identify an individual. However, a covered entity’s mere knowledge of these studies and methods, by itself, does not mean it has “actual knowledge”
Which leaves us with healthcare providers who can use methods to "anonymize" data that have been proven to be vulnerable to re-identification, then freely sell that "anonymized" data to third parties with a nudge and a wink.
I'll admit to being pessimistic. We know that the strength of the regulations we have in the US has done little to slow down the buying and selling of our healthcare data.
We've also already seen a lot of very shady behavior by health care providers and companies such as tricking or coercing people into giving up their rights so that they don't even have to pretend to protect their data with anonymization before selling it. (see https://www.washingtonpost.com/technology/2022/06/13/health-... and https://www.washingtonpost.com/technology/2023/05/01/amazon-... and https://news.ycombinator.com/item?id=22177812 and https://www.12onyourside.com/story/23852025/on-your-side-ale...)
It is the entire point of DoH indeed, while hiding behind the idea that it somehow prevents the state/ISP from knowing which sites you go to (which it really doesn't).
There's only one way to get the best of both worlds:
- force your browser to never ever use DoH / DoT: force good old, in the clear, DNS over port 53
- run your own local DNS resolver (I run *unbound*)
- only ever allow DNS port 53 to/from your machine and your local resolver (I run *unbound* on an old Raspberry Pi)
- have your DNS resolver use DoH
This way you get the imaginary protection that your DNS traffic is "encrypted" between you and your ISP: I mean, it is encrypted... But it's an illusion to believe it prevents your ISP / friendly-state-after-your-well-being from knowing which sites you visit. But you also get full control over which domains can be resolved or not.
As a sidenote unbound supports "wildcards" when blocking domains, which is sweet (as opposed to your typical OS's hosts file, which doesn't support wildcards).
FWIW I've configured unbound to return 0.0.0.0 for the millions (!) of (wildcarded) domains I'm blocking and then I use dnsmasq, locally, to convert any 0.0.0.0 into NXDOMAIN. It's versatile and I like it that way.
It's Linux so you set that up once and it works for years.
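To make the wildcard point in the comment above concrete, here is an added example (not part of the thread and not the commenter's configuration) that converts a hosts-format blocklist into unbound `local-zone` stanzas and compares zone-suffix matching with hosts-file exact matching. The blocklist is constructed, the helper names are hypothetical, and the use of `redirect` zones with a `0.0.0.0` A record is an assumption about how such a block would be written.

```python
# Constructed sample blocklist in hosts-file format (not real data).
HOSTS_BLOCKLIST = """\
0.0.0.0 tracker.example
0.0.0.0 ads.tracker.example      # redundant once tracker.example is a zone
0.0.0.0 cdn.ads.tracker.example
0.0.0.0 metrics.example.net
0.0.0.0 TRACKER.example.
"""

def parse_hosts(text):
    """Return the set of normalized names found in hosts-format lines."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            names.update(f.lower().rstrip(".") for f in fields[1:])
    return names

def minimize(names):
    """Drop names already covered by a blocked parent domain."""
    kept = set()
    for name in sorted(names, key=lambda n: n.count(".")):
        labels = name.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels)))
        if not any(p in kept for p in parents):
            kept.add(name)
    return kept

def unbound_conf(zones):
    """Emit stanzas for the server: clause; each answers 0.0.0.0 for the
    zone name and every subdomain of it."""
    out = []
    for z in sorted(zones):
        out.append(f'local-zone: "{z}." redirect')
        out.append(f'local-data: "{z}. A 0.0.0.0"')
    return "\n".join(out)

def blocked_by_zone(qname, zones):
    """Match on label boundaries against any parent zone (wildcard behaviour)."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))

def blocked_by_hosts(qname, names):
    """Hosts files match the exact name only."""
    return qname.lower().rstrip(".") in names

NAMES = parse_hosts(HOSTS_BLOCKLIST)
ZONES = minimize(NAMES)

if __name__ == "__main__":
    print(unbound_conf(ZONES))
```
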
DNS without DoH, DoT, or DoQ is wide open to anyone snooping traffic in the raw; that’s not necessarily information you want to share with the world.
If somebody is on your local network capturing packets or they've cracked your wifi you've got bigger problems than your DNS leaking a list of domains. They'll also see the IP of every server you visit online anyway.
The way DoH is implemented usually means that all of your DNS traffic is collected by some third party for-profit corporation like cloudflare anyway (who admittedly will already know most of the domains you visit anyway because of how often cloudflare's IP space is where DNS will point you).
There really aren't any good options for DNS and privacy, just a lot of compromises. Host your own. Or, if your ISP is trustworthy, you might be better off using what they provide. The DNS traffic between you and your ISP's servers should never leave their network.
People were setting their DNS resolver to custom values before DoH.
I agree that DoH would ideally be enabled at the OS level, or that the browser flow would default to still checking host file before sending out the query.
The browser should respect the OS. The OS should respect the network (DHCP/SLAAC). If you want to override this then that should be an active choice by the user.
I am quite happy with my OS using normal dns (via WireGuard when out) to my dns server which blocks bad domains before they even reach my firewall, I don’t need DoH, although I have no problem with that as a concept.
What I don’t like is my browser taking away my choice and breaking the model. It should defer to the OS (and I can’t see any time I wouldn’t want it to defer to the OS).
As for DoH, you can choose not to use it, or use your own DoH server. I see no problems with it.
There were other encrypted standards(dnscrypt for example) that didn't require you to do that, but the one that bypasses the OS was forced by adtech monopolist in charge.
> but the one that bypasses the OS was forced by adtech monopolist in charge.
Assuming by “adtech monopolist in charge” you mean Google, I don't think taking control from OS would benefit them given they effectively have control of more than two thirds of the mobile market share globally¹ so they are shooting themselves in the foot as much as anyone else – so I assume there are practical reasons², or purely technical ones, for DoH being their preferred choice (assuming they are pushing a preference).
And anyway, there is nothing that says applications have to implement DoH instead of letting the OS do that, Chrom{e|ium} and FF have gone that way in part because base OS support wasn't (isn't?) commonly available/enabled.
----
[1] Less than two thirds if you only count the US, as some published figures do, because Apple does rather better there compared to global averages.
[2] Isn't dnscrypt's standard still officially a work-in-progress?
In the case of mobile apps, it is.
It seems that it does:
https://bugzilla.mozilla.org/show_bug.cgi?id=1544233
https://github.com/StevenBlack/hosts/issues/968
https://old.reddit.com/r/firefox/comments/e64073/dns_over_ht...
https://www.liquidweb.com/help-docs/Fixing-Firefox-Bypassing...
https://superuser.com/questions/437649/firefox-not-taking-no...
https://stackoverflow.com/questions/37452361/why-is-my-hosts...
> The entire point of these technologies is to prevent your ISP and everyone else along the way from knowing which websites you visit.
More correctly, the point is to shift all that from one organization to another. Maybe you trust Google or Mozilla more than you trust your ISP, but I don't think it's the same for everyone.
You could even argue that your ISP can already see which hosts you connect to, so using its DNS resolvers doesn't add much information for them. Using DoH means that both your ISP and another party can see that.
Both privacy and security are layered, and perfect is the enemy of good. Securing the DNS is an obvious first step, forcing the Internet to HTTPS by default was another. Google and Mozilla have contributed to better privacy. People that want more privacy, depending on needs, can also use a VPN or for the more extreme cases, something like Tor.
Not sure what you mean about having to trust Google or Mozilla. I'm not using either Google's or Mozilla's DoH servers. But yes, I would trust them more than my local ISP. Google, at least, proved quite competent in handling whatever data they collect.
HUH?! No! You aren't supposed to implement DNS on the application level! Most modern OSes support some form of DNS over TLS at the system level. You should use that.
You can MITM the traffic, and continue to deliver the traffic using a self signed certificate that you’ve trusted on your mobile device, and boom, you can capture the traffic at your proxy point and be happy.
A lot of mobile apps use certificate pinning to ensure that the backend certificate matches what the app expects. Now your self signed certificate, even though it’s trusted at the OS level, no longer matches the certificate that the app is expecting, and no data is exchanged after TLS handshake fails.
Unfortunately they can, either through the unencrypted hostname passed in SNI or in the cert returned by the server.
[1] https://developers.cloudflare.com/ssl/edge-certificates/ech/
However it wasn’t, and it doesn’t defer to the OS or the network. I can’t set a dhcp option on my network to tell my dozens of clients what dns server to use, I have to manually adjust each browser. I additionally get different results depending on what I use, my browser will contact a different server than any other application.
That’s broken behaviour which benefits AdTech companies like Google.
But at that point, you are effectively the ISP trying to control how users do DNS, in a way that might enable you to track/block/redirect. You might be trustworthy to your users so that is fine, but that isn't the case for every user's relationship with their service providers.
Is there an arrangement that would stop less trusted networks from tracking/redirecting/blocking DNS requests without (accidentally) helping AdTech by making DNS-based blocking harder?
First, you can disable encrypted DNS; second, you can set up your own DNS server and set up the browser to use it. And your own DNS server will respect DHCP config.
Personally I would like the OS to completely ignore DHCP config (like proxy or DNS server address) because those features can be misused for malicious purposes.
I don’t have a problem with doing dns lookups over http, or any other protocol you want to use, if I configure my OS resolver to do that.
When people don’t like DoH they tend to mean they have a problem with bypassing the OS.
There's then the concept of DoH: network admins have a harder job blocking it without MitMing traffic (and in some cases installing new root certificates and thus reducing security for users).
I’m less concerned about that. The argument for DoH often goes to “I don’t trust my network but I do trust Google” but I can see why some don’t trust their network. Personally I’d tunnel all traffic if I were on an untrusted network.
As someone who doesn’t trust Google (as their income comes from selling my personal data against my will) but does trust my network (as I am the network admin) I lean in the “anti DoH” camp, but regardless of which camp, DNS should be configured at the OS level (whether that’s a manual choice to use Google or cloudflare or whatever, or to accept the network hints).
I have a DoH server set in my Chromium browser, installed on my corporate laptop, and I love it, because my DNS queries don't leak to my network admin.
[1] Or at least you think you are. If your employer is running provisioning and "security" malware, I wouldn't take any bets on what they're logging or not logging.